Logging in to a Django site with a magic token

I have a simple video website for my kids and each kid has a separate login. This is so they can each have their own videos, but also so that some videos can be private (ie. hidden from the outside world, or other logged in users). Typing in a username and password is impossible for my kids to do, as they are almost 5 and 2 years old, and they use this website on Google TV. So, with a magic token-style login, all they need to do is navigate to their bookmark on the Google TV homepage and press OK on the remote control.

(I don't need crazy security--it wouldn't be the end of the world if somehow someone guessed the magic token and saw some private videos, which are basically just home videos uploaded to Youtube. Videos that I really wouldn't want the public to see don't get uploaded to Youtube in the first place.)

I couldn't find how to do this easily, although one person on stackoverflow suggested "logging in the user in the view by calling 'login'". The tricky part was figuring out that I had to set the User object's backend to 'django.contrib.auth.backends.ModelBackend'. It's a bit of a hack, but it works, and it's simple.


class MagicToken(models.Model):
    user = models.OneToOneField(User)
    magictoken = models.CharField(max_length=128, unique=True)
    def __unicode__(self):
        return unicode(self.user)


from django.http import HttpResponse, HttpResponseRedirect, Http404
import django.contrib.auth.login
class MagicTokenLogin(View):
    def get(self, request, token):
            magic_token_obj = MagicToken.objects.get(magictoken=token)
        except MagicToken.DoesNotExist:
            raise Http404
        user = magic_token_obj.user
        user.backend = 'django.contrib.auth.backends.ModelBackend'
        django.contrib.auth.login(request, user)
        if request.user.is_authenticated():
            # login successful
            return HttpResponseRedirect(reverse('some-view-for-logged-in-users'))
            # login failed
            return HttpResponseRedirect(reverse('some-view'))


There are some secret codes through which you can put security to your online accounts but according to the professionals who have guided some of my friends at Assignment Doer the secure accounts are actually not totally secure and all of the data is being monitored.

About Assignment offer versatile academic writing services in diversified domain to clients of every level worldwide. We are blessed with highly qualified and professional team of writers, who put their heart and soul to come up with quality and assignment help for our valuable clients.

Visit For:

Academic Writing Help http://www.aboutassignment.com
Assignment Writing Service http://www.aboutassignment.com/services.aspx
Essay Writing: http://www.aboutassignment.com/services/essay
Thesis Paper: http://www.aboutassignment.com/services/thesis
Research Paper: http://www.aboutassignment.com/services/research-paper
Coursework Paper: http://www.aboutassignment.com/services/coursework

Writing in a username and secret key is unimaginable for my children to do, as they are right around 5 and 2 years of age, and they utilize this site on Google TV. Along these lines, with an enchantment token-style login, they should do nothing more than explore to their bookmark on the Google TV write my essay

Thanks for posting this.
I wish it was able to be translated, but for some reason Google toolbar isn't working. I copy pasted it into another application and read the post.

Real Dissertation Writing and our Experienced PhD writers providing you the best custom dissertation writing services for the students of UK and US at affordable price and unlimited revisions if you are not satisfied.

Add new comment